package com.avoid.easymqtt.remoting.netty;

import com.avoid.easymqtt.remoting.common.TlsMode;
import io.netty.handler.ssl.SslContext;

/**
 * Tsl系统配置
 *
 * @author avoid@fiture.com
 * @date 2022/5/5
 * @motto Life is so short,do something to make yourself happy,such as coding
 */
public class TlsSystemConfig {

    public static final String TLS_SERVER_MODE = "tls.server.mode";
    public static final String TLS_CONFIG_FILE = "tls.config.file";

    public static final String TLS_SERVER_KEYPATH = "tls.server.keyPath";
    public static final String TLS_SERVER_KEYPASSWORD = "tls.server.keyPassword";
    public static final String TLS_SERVER_CERTPATH = "tls.server.certPath";
    public static final String TLS_SERVER_AUTHCLIENT = "tls.server.authClient";
    public static final String TLS_SERVER_TRUSTCERTPATH = "tls.server.trustCertPath";
    public static final String TLS_SERVER_NEED_CLIENT_AUTH = "tls.server.need.client.auth";

    /**
     * 对于服务器，支持三种SSL模式：禁用、允许和强制。
     * <ol>
     * <li><strong>disabled:</strong> SSL不受支持；任何传入的SSL握手都将被拒绝，导致连接关闭。</li>
     * <li><strong>permissive:</strong> SSL是可选的，也就是说，在这种模式下，服务器可以为有或没有SSL的客户端连接提供服务；</li>
     * <li><strong>enforcing:</strong> 需要SSL，即非SSL连接将被拒绝。</li>
     * </ol>
     */
    public static TlsMode tlsMode = TlsMode.parse(System.getProperty(TLS_SERVER_MODE, "permissive"));

    /**
     * 存储上述TLS相关配置的配置文件， 除了 {@link TlsSystemConfig#tlsMode}
     */
    public static String tlsConfigFile = System.getProperty(TLS_CONFIG_FILE, "/etc/rocketmq/tls.properties");

    /**
     * 服务器端私钥的存储路径
     */
    public static String tlsServerKeyPath = System.getProperty(TLS_SERVER_KEYPATH, null);

    /**
     * 服务器端私钥的密码
     */
    public static String tlsServerKeyPassword = System.getProperty(TLS_SERVER_KEYPASSWORD, null);

    /**
     * PEM格式的服务器端X.509证书链的存储路径
     */
    public static String tlsServerCertPath = System.getProperty(TLS_SERVER_CERTPATH, null);

    /**
     * 确定是否严格验证客户端终结点的证书
     */
    public static boolean tlsServerAuthClient =
        Boolean.parseBoolean(System.getProperty(TLS_SERVER_AUTHCLIENT, "false"));

    /**
     * 用于验证客户端终结点证书的受信任证书的存储路径
     */
    public static String tlsServerTrustCertPath = System.getProperty(TLS_SERVER_TRUSTCERTPATH, null);

    /**
     * 指示有关客户端身份验证的状态{@link javax.net.ssl.SSLEngine}。此配置项仅在构建服务器端{@link SslContext}时适用， 可以设置为none, require or
     * optional.{@link io.netty.handler.ssl.ClientAuth}
     */
    public static String tlsServerNeedClientAuth = System.getProperty(TLS_SERVER_NEED_CLIENT_AUTH, "none");

}
